I'm looking to export a report of NTLM and Kerberos Authentication success and failure in Active Directory.
Is there any way or via powerhsell script.
I'm looking to export a report of NTLM and Kerberos Authentication success and failure in Active Directory.
Is there any way or via powerhsell script.
Event Description:
This event generates every time the Key Distribution Center fails to issue a Kerberos Ticket Granting Ticket (TGT). This problem can occur when a domain controller doesn’t have a certificate installed for smart card authentication (for example, with a “Domain Controller” or “Domain Controller Authentication” template), the user’s password has expired, or the wrong password was provided.
This event generates only on domain controllers.
This event is not generated if “Do not require Kerberos preauthentication” option is set for the account.

Event Description:
This event generates every time that a credential validation occurs using NTLM authentication.
This event occurs only on the computer that is authoritative for the provided credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.
It shows successful and unsuccessful credential validation attempts.

reference:https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4771
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4776
Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Vicky
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky
5 people are following this question.